-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                                   OpenPKG GmbH
http://openpkg.org/security/                          http://openpkg.com
OpenPKG-SA-2006.034                                           2006-11-15
________________________________________________________________________

Package:             texinfo
Vulnerability:       arbitrary code execution
OpenPKG Specific:    no

Affected Series:     Affected Packages:          Corrected Packages:
E1.0-SOLID           <= texinfo-4.8a-E1.0.0      >= texinfo-4.8a-E1.0.1
2-STABLE-20061018    <= texinfo-4.8a-2.20061018  >= texinfo-4.8a-2.20061114
2-STABLE             <= texinfo-4.8a-2.20061018  >= texinfo-4.8a-2.20061114
CURRENT              <= texinfo-4.8a-20061013    >= texinfo-4.8a-20061114

Description:
  Miloslav Trmac from Red Hat discovered [0] a buffer overflow in GNU
  Texinfo [1]. The flaw was found in a function used by Texinfo's
  texi2dvi(1) and texindex(1) commands. An attacker could construct a
  carefully crafted Texinfo file that could cause texi2dvi(1) or
  texindex(1) to crash or possibly execute arbitrary code when opened.
  The Common Vulnerabilities and Exposures (CVE) project assigned the
  id CVE-2006-4810 [2] to the problem.
________________________________________________________________________

References:
  [0] https://rhn.redhat.com/errata/RHSA-2006-0727.html
  [1] http://www.gnu.org/software/texinfo/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG" (ID 63C4CB9F) which you can retrieve from
http://openpkg.org/openpkg.org.pgp. Follow the instructions on
http://openpkg.org/security/signatures/ for details on how to verify
the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG

iD8DBQFFWyJDgHWT4GPEy58RAvnXAJ40eH3nTaJxsK/2EzVgM2jqBGcsNQCfS+ze
ep1xSDUEIHYfUGAKV+g0OUA=
=ZDt7
-----END PGP SIGNATURE-----